Amendments to the Claims

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

Listing of Claims: 

1. (Currently Amended) A method for providing path level controlling access control to
[[a]] structured documents in a collection stored in a database, wherein the structured document
comprises a plurality of nodes, the method comprising the steps of:

(a) providing an access control policy for the collection a structured document
comprising a plurality of nodes, wherein the access control policy comprises a plurality of access
control rules;

(b) generating a path for each node of the plurality of nodes in the structured
document; and

(c) generating for each path associated with a node a corresponding value expression
for each path based on at least one access control rule of the plurality of access control rules,

wherein the corresponding value expression is an executable statement utilized during
access control evaluation to determine whether a user is allowed to access a node in the
structured document.

2. (Currently Amended) The method of claim 1, wherein the value expression is an
executable statement indicating indicates who is granted or denied access to the corresponding
path associated with the node.

3. (Original) The method of claim 1 further comprising:

(d) storing each path and the corresponding value expression in a table. 

4. (Original) The method of claim 3 further comprising: 

(e) compiling each value expression prior to storing step (d). 

5. (Original) The method of claim 4 further comprising: 

(f) receiving a query from a user, wherein the query requests access to a node in the 
document; 

(g) executing the query;

(h) evaluating the value expression corresponding to the path associated with the 
requested node; 

(i) displaying data associated with the requested node if the value expression grants 
access to the user; and 

(j) hiding data associated with the requested node if the value expression denies 
access to the user. 

6. (Original) The method of claim 5, wherein the evaluating step (h) is performed during a 
run time.

7. (Original) The method of claim 1, wherein generating step (c) further comprises:

(c1) normalizing each of the access control rules into a format comprising a head, a
path and a condition, wherein the condition indicates who is granted or denied access to the path 
and under what circumstances; 

(c2) propagating each of the plurality of access control rules through each path such 
that access to each path is defined by at least one access control rule; and 

(c3) transforming each of the at least one access control rules affecting each path into a 
statement indicating who is granted and denied access to the path. 

8. (Original) The method of claim 3, further comprising: 

(e) replacing the value expression for a path associated with a node with a reference 
notation if the value expression is identical to that for a path associated with the node's parent, 
thereby eliminating repeated value expressions in the table. 

9. (Original) The method of claim 1, wherein the providing step (a) comprises:

(a1) writing the plurality of access control rules; and

(a2) validating the plurality of access control rules such that the resulting rules are 
syntactically and logically valid. 

10. (Original) The method of claim 1, wherein the structured document is written in 
Extensible Markup Language.

11. (Currently Amended) A computer readable medium containing programming
instructions encoded with a computer program for providing path level controlling access control
to [[a]] structured documents in a collection stored in a database, wherein the structured
document comprises a plurality of nodes, the computer program comprising instructions for:

(a) providing an access control policy for the collection a structured document
comprising a plurality of nodes, wherein the access control policy comprises a plurality of access 
control rules; 

(b) generating a path for each node of the plurality of nodes in the structured 
document; and 

(c) generating for each path associated with a node a corresponding value expression
for each path based on at least one access control rule of the plurality of access control rules,

wherein the corresponding value expression is an executable statement utilized during 
access control evaluation to determine whether a user is allowed to access a node in the 
structured document. 

12. (Currently Amended) The computer readable medium of claim 11, wherein the value 
expression is an executable statement indicating indicates who is granted or denied access to the
corresponding path associated with the node. 

13. (Original) The computer readable medium of claim 11 further comprising:

(d) storing each path and the corresponding value expression in a table.

14. (Original) The computer readable medium of claim 13 further comprising:

(e) compiling each value expression prior to storing instruction (d). 

15. (Original) The computer readable medium of claim 14 further comprising:

(f) receiving a query from a user, wherein the query requests access to a node in the 
document; 

(g) executing the query; 

(h) evaluating the value expression corresponding to the path associated with the 
requested node; 

(i) displaying data associated with the requested node if the value expression grants 
access to the user; and 

(j) hiding data associated with the requested node if the value expression denies 
access to the user. 

16. (Original) The computer readable medium of claim 15, wherein the evaluating 
instruction (h) is performed during a run time. 

17. (Original) The computer readable medium of claim 11, wherein generating instruction 
(c) further comprises: 

(c1) normalizing each of the access control rules into a format comprising a head, a
path and a condition, wherein the condition indicates who is granted or denied access to the path; 

(c2) propagating each of the plurality of access control rules through each path such 
that access to each path is defined by at least one access control rule; and

(c3) transforming each of the at least one access control rules associated with each path
into a statement indicating who is granted and denied access to the path. 

18. (Original) The computer readable medium of claim 13, further comprising:

(e) replacing the value expression for a path associated with a node with a reference 
notation if the value expression is identical to that for a path associated with the node's parent, 
thereby eliminating repeated value expressions in the table. 

19. (Original) The computer readable medium of claim 11, wherein the providing instruction
(a) comprises: 

(a1) writing the plurality of access control rules; and

(a2) validating the plurality of access control rules such that the resulting rules are 
syntactically and logically valid. 

20. (Original) The computer readable medium of claim 11, wherein the structured document
is written in Extensible Markup Language. 

21. (Currently Amended) A computer system for providing path level controlling access
control to [[a]] structured documents in a collection stored in a database, wherein the structured
document comprises a plurality of nodes, the computer system comprising:

a database management system k-a implemented on the computer system, the database 
management system comprising

an access control policy for a structured document, wherein the structured
document comprises a plurality of nodes and the access control policy comprises a 
plurality of access control rules, and 

an access control mechanism configured to

generate a path for each of the plurality of nodes in the structured
document and

generate a value expression for each path based on at least one of the 
plurality of access control rules, 

an access control policy for the collection, wherein the access control policy comprises a
plurality of access control rules; and

an Access Control mechanism in the database management system for generating a path
for each node of the plurality of nodes in the document, and for generating for each path
associated with a node a corresponding value expression based on at least one access control rule
of the plurality of access control rules,

wherein the value expression is an executable statement utilized by the database
management system utilizes the corresponding value expression during access control evaluation
to determine whether a user is allowed to access a node in the structured document.

22. (Currently Amended) The computer system of claim 21, wherein the value expression is
an executable statement indicating indicates who is granted or denied access to the corresponding
path associated with the node.

23. (Currently Amended) The computer system of claim 21, wherein the access control
mechanism is configured to store each path and the corresponding value expression in a table. 

24. (Currently Amended) The computer system of claim 23, wherein the database
management system further comprising comprises a compiler for compiling configured to
compile each value expression prior to storing storage of the value expression in the table.

25. (Currently Amended) The computer system of claim 24, wherein the database 
management system is configured to receive a query from a user, wherein the query requests 
access to a node in the document, to execute the query, to evaluate the value expression 
corresponding to the path associated with the requested node, to display data associated with the 
requested node if the value expression grants access to the user, and to hide data associated with 
the requested node if the value expression denies access to the user. 

26. (Currently Amended) The computer system of claim 25, wherein access control 
evaluation is performed during a run time. 

27. (Currently Amended) The computer system of claim 21, wherein the access control 
mechanism comprises: 

a translator for normalizing each of the access control rules into a format comprising a 
head, a path and a condition, wherein the condition indicates who is granted or denied access to 
the path, and for propagating each of the plurality of access control rules through each path such
that access to each path is defined by at least one access control rule; and

a value expression generator for transforming each of the at least one access control rules
associated with each path into a statement indicating who is granted and denied access to the
path.

28. (Currently Amended) The computer system of claim 21, wherein the access control rules 
are syntactically and logically valid. 

29. (Currently Amended) The computer system of claim 21, wherein the structured 
document is written in Extensible Markup Language. 

30. (Currently Amended) A method for providing path level controlling access control to
[[a]] structured documents in a collection stored in a database, wherein the structured document
comprises a plurality of nodes, the method comprising the steps of:

(a) providing an access control policy for the collection a structured document 
comprising a plurality of nodes, wherein the access control policy comprises a plurality of access 
control rules; 

(b) generating a path for each node of the plurality of nodes in the structured
document; 

(c) generating for each path associated with a node a corresponding value expression
for each path based on at least one access control rule of the plurality of access control rules,
wherein the value expression is an executable statement indicating who is granted or denied 
access to the corresponding path associated with the node; and 

(d) storing each path and the corresponding value expression in a table;

wherein the corresponding value expression is utilized during access control evaluation to
determine whether a user is allowed to access a node in the structured document. 

31. (Original) The method of claim 30 further comprising:

(e) receiving a query from a user, wherein the query requests access to a node in the 
document; 

(f) executing the query; 

(g) evaluating the value expression corresponding to the path associated with the 
requested node during a run time; 

(h) displaying data associated with the requested node if the value expression grants 
access to the user; and 

(i) hiding data associated with the requested node if the value expression denies 
access to the user. 

32. (Original) The method of claim 30, wherein generating step (c) further comprises: 

(c1) normalizing each of the access control rules into a format comprising a head, a
path and a condition, wherein the condition indicates who is granted or denied access to the path 
and under what circumstances; 

(c2) propagating each of the plurality of access control rules through each path such 
that access to each path is defined by at least one access control rule; and 

(c3) transforming each of the at least one access control rules affecting each path into a 
statement indicating who is granted and denied access to the path.

33. (Currently Amended) A computer readable medium containing programming
instructions encoded with a computer program for providing path level controlling access control
to [[a]] structured documents in a collection stored in a database, wherein the structured
document comprises a plurality of nodes, the computer program comprising instructions for:

(a) providing an access control policy for the collection a structured document
comprising a plurality of nodes, wherein the access control policy comprises a plurality of access 
control rules; 

(b) generating a path for each node of the plurality of nodes in the structured 
document; 

(c) generating for each path associated with a node a corresponding value expression
for each path based on at least one access control rule of the plurality of access control rules, 
wherein the value expression is an executable statement indicating who is granted or denied 
access to the corresponding path associated with the node; and 

(d) storing each path and the corresponding value expression in a table; 

wherein the corresponding value expression is utilized during access control evaluation to
determine whether a user is allowed to access a node in the structured document. 

34. (Original) The computer readable medium of claim 33 further comprising: 

(e) receiving a query from a user, wherein the query requests access to a node in the 
document; 

(f) executing the query; 

(g) evaluating the value expression corresponding to the path associated with the 
requested node during a run time;

(h) displaying data associated with the requested node if the value expression grants
access to the user; and 

(i) hiding data associated with the requested node if the value expression denies 
access to the user. 

35. (Original) The computer readable medium of claim 33, wherein generating instruction 
(c) further comprises: 

(c1) normalizing each of the access control rules into a format comprising a head, a
path and a condition, wherein the condition indicates who is granted or denied access to the path 
and under what circumstances; 

(c2) propagating each of the plurality of access control rules through each path such 
that access to each path is defined by at least one access control rule; and 

(c3) transforming each of the at least one access control rules affecting each path into a 
statement indicating who is granted and denied access to the path. 

36. (Currently Amended) A method for providing path level controlling access control to
[[a]] structured documents in a collection stored in a database, wherein the structured document
comprises a plurality of nodes, the method comprising the steps of:

(a) providing an access control policy for the collection a structured document 
comprising a plurality of nodes, wherein the access control policy comprises a plurality of access 
control rules; 

(b) generating a path for each node of the plurality of nodes in the structured 
document;

(c) generating for each path associated with a node a corresponding value expression
for each path based on at least one access control rule of the plurality of access control rules,
wherein the generating step comprising comprises:

(c1) normalizing each of the access control rules into a format comprising a
head, a path and a condition, wherein the condition indicates who is granted or denied 
access to the path and under what circumstances; 

(c2) propagating each of the plurality of access control rules through each path 
such that access to each path is defined by at least one access control rule; and 

(c3) transforming each of the at least one access control rules affecting each 
path into a statement indicating who is granted and denied access to the path; and 

(d) storing each path and the corresponding value expression in a table; 

wherein the corresponding value expression is an executable statement utilized during
access control evaluation to determine whether a user is allowed to access a node in the 
structured document. 

37. (Currently Amended) A computer readable medium containing programming
instructions encoded with a computer program for providing path level controlling access control
to [[a]] structured documents in a collection stored in a database, wherein the structured
document comprises a plurality of nodes, the computer program comprising instructions for:

(a) providing an access control policy for the collection a structured document
comprising a plurality of nodes, wherein the access control policy comprises a plurality of access 
control rules;

(b) generating a path for each node of the plurality of nodes in the structured
document; 

(c) generating for each path associated with a node a corresponding value expression
for each path based on at least one access control rule of the plurality of access control rules,
wherein the generating step comprising comprises:

(c1) normalizing each of the access control rules into a format comprising a
head, a path and a condition, wherein the condition indicates who is granted or denied 
access to the path and under what circumstances; 

(c2) propagating each of the plurality of access control rules through each path 
such that access to each path is defined by at least one access control rule; and 

(c3) transforming each of the at least one access control rules affecting each 
path into a statement indicating who is granted and denied access to the path; and 

(d) storing each path and the corresponding value expression in a table; 

wherein the corresponding value expression is an executable statement utilized during
access control evaluation to determine whether a user is allowed to access a node in the 
structured document. 
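
The following Python sketch is an added illustration, not part of the claims or of the applicant's implementation. It walks through steps (b), (c1) to (c3) and (d), the parent-reference compaction of claims 8 and 18, and run-time evaluation. Its assumptions: rules are (head, path, condition) tuples whose condition is a single role name, a deny overrides a grant, access is denied when no rule grants it, and `^` stands in for the reference notation.

```python
import xml.etree.ElementTree as ET

REF = "^"  # assumed reference notation: "same value expression as the parent path"

# Constructed sample document and rules (head, path, condition); not from the claims.
DOC = "<record><name>A</name><diagnosis><note>x</note></diagnosis><billing/></record>"
RULES = [("GRANT", "/record/", "doctor"),
         ("grant", "/record", "clerk"),
         ("deny", "/record/diagnosis", "clerk")]

def node_paths(xml_text):
    """Step (b): one path per element node, parents before children."""
    paths = []
    def walk(elem, prefix):
        path = f"{prefix}/{elem.tag}"
        if path not in paths:
            paths.append(path)
        for child in elem:
            walk(child, path)
    walk(ET.fromstring(xml_text), "")
    return paths

def build_table(paths, rules):
    """Steps (c1)-(c3) and (d), plus the parent-reference compaction."""
    # (c1) normalize each rule to (head, path, condition)
    norm = [(h.lower(), p.rstrip("/"), c) for h, p, c in rules]
    table, full = {}, {}
    for path in paths:
        # (c2) propagate: a rule on a path also governs every descendant path
        hits = [r for r in norm if path == r[1] or path.startswith(r[1] + "/")]
        # (c3) transform into one expression: (granted roles, denied roles)
        expr = (frozenset(c for h, _, c in hits if h == "grant"),
                frozenset(c for h, _, c in hits if h == "deny"))
        full[path] = expr
        parent = path.rsplit("/", 1)[0]
        # (d) store; an expression identical to the parent's collapses to REF
        table[path] = REF if full.get(parent) == expr else expr
    return table

def allowed(table, path, role):
    """Run-time evaluation: unknown paths and unmatched roles are denied."""
    if path not in table:
        return False
    while table[path] == REF:  # follow the reference up to the defining ancestor
        path = path.rsplit("/", 1)[0]
    granted, denied = table[path]
    return role in granted and role not in denied

TABLE = build_table(node_paths(DOC), RULES)
```

In this sample only `/record` and `/record/diagnosis` hold a full expression; the other three paths store the reference, and a `clerk` request for `/record/diagnosis/note` is denied through the inherited deny.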